New Zero-Day Threat ExcelsBy Joe Wilcox | Posted 2007-02-05 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Microsoft has issued another security alert, this one for Excel, that has gone largely unnoticed.
Microsoft zero-day vulnerabilities are increasingly so commonplace, the risk is lost with the message. On Feb. 2, Microsoft issued another security alert, this one for Excel, that largely went unnoticed.
In its security bulletin, Microsoft warned that "other Office applications are potentially vulnerable" to the zero-day flaw.
Zero-day refers to a flaw for which there is an exploit but no available fix. The Excel vulnerability is Microsoft's fifth zero-day exploit since December, and part of an increasingly troubling trend.
The zero-day flaw affects Office versions 2000, XP, 2003 and 2004 for the Mac, but not 2007 or Works 2004, 2005 or 2006.
An attacker could exploit the flaw either by enticing a user to click on a file hosted on a Web site or an attachment sent via e-mail. Either exploit would require some end-user interaction.
The vulnerability poses the greatest risk to users running with Administrator privileges. Successful exploit of the attack would grant the attacker the same user rights as the user. Office running on Windows Vista could be more hardened to the attack, as all userseven those running as Administratorsoperate in standard mode.
Read the full story on eWEEK.com: New Zero-Day Threat Excels.